From 4c06a432716a0115698504355cd92316f8d03b2e Mon Sep 17 00:00:00 2001
From: Adar Nimrod <nimrod@shore.co.il>
Date: Sat, 7 Dec 2024 14:40:12 +0200
Subject: [PATCH] httpd: Couple of tweaks.

1. Skip the health check requests in the logs.
2. Allow health checks from nonroutable IP addresses.
---
 httpd/bookworm/Dockerfile | 2 ++
 httpd/bullseye/Dockerfile | 2 ++
 httpd/buster/Dockerfile   | 2 ++
 3 files changed, 6 insertions(+)

diff --git a/httpd/bookworm/Dockerfile b/httpd/bookworm/Dockerfile
index b869f2b..6556ce0 100644
--- a/httpd/bookworm/Dockerfile
+++ b/httpd/bookworm/Dockerfile
@@ -15,6 +15,8 @@ RUN apt-get update && \
     setcap CAP_NET_BIND_SERVICE=+ep /usr/sbin/apache2 && \
     DEBIAN_FRONTEND=noninteractive apt-get purge --auto-remove -y libcap2-bin && \
     a2enmod status && \
+    sed -i "s@combined@combined expr=\!(%{REMOTE_HOST}=='127.0.0.1'\&\&%{HTTP_USER_AGENT}=='Healthcheck')@" /etc/apache2/sites-available/000-default.conf && \
+    sed -i 's@Require local@Require ip 127.0.0.1/8 10.0.0.0/8 172.16.0.0/12 192.0.0.0/24@' /etc/apache2/mods-available/status.conf && \
     install -d -o "$APACHE_RUN_USER" -g "$APACHE_RUN_GROUP" -m 755 "$APACHE_RUN_DIR" && \
     install -d -o "$APACHE_RUN_USER" -g "$APACHE_RUN_GROUP" -m 755 "$APACHE_LOCK_DIR" && \
     install -d -o "$APACHE_RUN_USER" -g "$APACHE_RUN_GROUP" -m 755 "$APACHE_LOG_DIR" && \
diff --git a/httpd/bullseye/Dockerfile b/httpd/bullseye/Dockerfile
index cf65f77..6e05934 100644
--- a/httpd/bullseye/Dockerfile
+++ b/httpd/bullseye/Dockerfile
@@ -15,6 +15,8 @@ RUN apt-get update && \
     setcap CAP_NET_BIND_SERVICE=+ep /usr/sbin/apache2 && \
     DEBIAN_FRONTEND=noninteractive apt-get purge --auto-remove -y libcap2-bin && \
     a2enmod status && \
+    sed -i "s@combined@combined expr=\!(%{REMOTE_HOST}=='127.0.0.1'\&\&%{HTTP_USER_AGENT}=='Healthcheck')@" /etc/apache2/sites-available/000-default.conf && \
+    sed -i 's@Require local@Require ip 127.0.0.1/8 10.0.0.0/8 172.16.0.0/12 192.0.0.0/24@' /etc/apache2/mods-available/status.conf && \
     install -d -o "$APACHE_RUN_USER" -g "$APACHE_RUN_GROUP" -m 755 "$APACHE_RUN_DIR" && \
     install -d -o "$APACHE_RUN_USER" -g "$APACHE_RUN_GROUP" -m 755 "$APACHE_LOCK_DIR" && \
     install -d -o "$APACHE_RUN_USER" -g "$APACHE_RUN_GROUP" -m 755 "$APACHE_LOG_DIR" && \
diff --git a/httpd/buster/Dockerfile b/httpd/buster/Dockerfile
index d9db471..f852209 100644
--- a/httpd/buster/Dockerfile
+++ b/httpd/buster/Dockerfile
@@ -15,6 +15,8 @@ RUN apt-get update && \
     setcap CAP_NET_BIND_SERVICE=+ep /usr/sbin/apache2 && \
     DEBIAN_FRONTEND=noninteractive apt-get purge --auto-remove -y libcap2-bin && \
     a2enmod status && \
+    sed -i "s@combined@combined expr=\!(%{REMOTE_HOST}=='127.0.0.1'\&\&%{HTTP_USER_AGENT}=='Healthcheck')@" /etc/apache2/sites-available/000-default.conf && \
+    sed -i 's@Require local@Require ip 127.0.0.1/8 10.0.0.0/8 172.16.0.0/12 192.0.0.0/24@' /etc/apache2/mods-available/status.conf && \
     install -d -o "$APACHE_RUN_USER" -g "$APACHE_RUN_GROUP" -m 755 "$APACHE_RUN_DIR" && \
     install -d -o "$APACHE_RUN_USER" -g "$APACHE_RUN_GROUP" -m 755 "$APACHE_LOCK_DIR" && \
     install -d -o "$APACHE_RUN_USER" -g "$APACHE_RUN_GROUP" -m 755 "$APACHE_LOG_DIR" && \
-- 
GitLab